Details
-
Improvement
-
Status: Resolved
-
Normal
-
Resolution: Duplicate
-
None
-
None
-
None
Description
Cassandra currently has 6 permissions:
ALTER: required for ALTER KEYSPCE, ALTER TABLE, CREATE INDEX, DROP INDEX
AUTHORIZE: required for GRANT, REVOKE
CREATE: required for CREATE KEYSPACE, CREATE TABLE
DROP: required for DROP KEYSPACE, DROP TABLE
MODIFY: required for INSERT, DELETE, UPDATE, TRUNCATE
SELECT: required for SELECT
It seems incorrect to lump TRUNCATE with INSERT, DELETE, UPDATE. Every normal user typically does INSERT, DELETE, UPDATE. However a normal user does not need TRUNCATE. We want to prevent normal user accidentally truncating their tables in production. It is better to group TRUNCATE with other destructive operations such as DROP KEYSPACE, DROP TABLE.
Proposal: Move TRUNCATE from MODIFY to DROP permission group
Proposed 6 permissions looks like this:
ALTER: required for ALTER KEYSPCE, ALTER TABLE, CREATE INDEX, DROP INDEX
AUTHORIZE: required for GRANT, REVOKE
CREATE: required for CREATE KEYSPACE, CREATE TABLE
DROP: required for DROP KEYSPACE, DROP TABLE, TRUNCATE
MODIFY: required for INSERT, DELETE, UPDATE
SELECT: required for SELECT
Attachments
Issue Links
- duplicates
-
CASSANDRA-8303 Create a capability limitation framework
- Open